如何使用Laravel 5.1执行原始查询？

Question

如何使用Laravel 5.1执行原始查询？

San*_*ers 58 php mysql sql database laravel-5.1

所以我有这个小查询在我的数据库上运行,它在MySQL Workbench中工作正常.基本上,SELECT LEFT JOIN和UNION再次LEFT JOIN.

SELECT
    cards.id_card,
    cards.hash_card,
    cards.`table`,
    users.name,
    0 as total,
    cards.card_status,
    cards.created_at
FROM cards
LEFT JOIN users
ON users.id_user = cards.id_user
WHERE hash_card NOT IN ( SELECT orders.hash_card FROM orders )
UNION
SELECT
    cards.id_card,
    orders.hash_card,
    cards.`table`,
    users.name,
    sum(orders.quantity*orders.product_price) as total, 
    cards.card_status, 
    max(orders.created_at) 
FROM menu.orders
LEFT JOIN cards
ON cards.hash_card = orders.hash_card
LEFT JOIN users
ON users.id_user = cards.id_user
GROUP BY hash_card
ORDER BY id_card ASC

Run Code Online (Sandbox Code Playgroud)

试图将其翻译成Laravel,但没有成功.

$cards = Card::selectRaw('cards.id_card, cards.hash_card ,cards.table, users.name, 0 as total, cards.card_status, cards.created_at as last_update')
                ->leftJoin('users','users.id_user','=','cards.id_user')
                ->whereNotIn( 'hash_card', Order::select('orders.hash_card')->get() )
                ->union(
                        Order::selectRaw('cards.id_card, orders.hash_card, cards.table, users.name, sum(orders.quantity*orders.product_price) as total, cards.card_status, max(orders.created_at) as last_update')
                        ->leftJoin('cards','cards.hash_card','=','orders.hash_card')
                        ->leftJoin('users','users.id_user','=','cards.id_user')
                )
                ->groupBy('hash_card')
                ->orderBy('cards.id_card','asc')
                ->get();

Run Code Online (Sandbox Code Playgroud)

我收到了错误

Builder.php第1249行中的ErrorException:未定义属性:Illuminate\Database\Eloquent\Builder :: $ bindings

如何在Laravel中执行完全原始的查询或在Laravel中以正确的方式编写查询？

Answer 1

San*_*ers 118

我找到了这个主题的解决方案,我编写了这个代码:

$cards = DB::select("SELECT
        cards.id_card,
        cards.hash_card,
        cards.`table`,
        users.name,
        0 as total,
        cards.card_status,
        cards.created_at as last_update
    FROM cards
    LEFT JOIN users
    ON users.id_user = cards.id_user
    WHERE hash_card NOT IN ( SELECT orders.hash_card FROM orders )
    UNION
    SELECT
        cards.id_card,
        orders.hash_card,
        cards.`table`,
        users.name,
        sum(orders.quantity*orders.product_price) as total, 
        cards.card_status, 
        max(orders.created_at) last_update 
    FROM menu.orders
    LEFT JOIN cards
    ON cards.hash_card = orders.hash_card
    LEFT JOIN users
    ON users.id_user = cards.id_user
    GROUP BY hash_card
    ORDER BY id_card ASC");

Run Code Online (Sandbox Code Playgroud)

实际上你甚至不需要嵌套DB :: Raw调用.你可以调用DB :: select("...你的查询字符串......"); (4认同)
如果可以,我有一个问题.在Laravel 5(确切地说是5.3)中通过查询构建器(有或没有DB :: raw)使用原始sql查询是否足以阻止sql注入？我找到了一些关于它的文章,但它适用于Laravel 4.我找不到一个令人信服的确认. (4认同)
您可以将参数绑定到原始查询以防止SQL注入... https://laravel.com/docs/5.5/database#running-queries (3认同)
就其本身而言,DB :: select不能防止SQL注入.但是,通过确保所有用户提供的输入都通过$ safe_string = DB :: connection() - > getPdo() - > quote($ string)运行,您可以保护您的代码. (2认同)

Answer 2

小智 22

    DB::statement("your query")

Run Code Online (Sandbox Code Playgroud)

我用它在迁移中向列添加索引

归档时间：	10 年前
查看次数：	129321 次
最近记录：	6 年，11 月前